Systems for testing logic circuits are known in the field of data processing. For example, it is known to test digital processors with so called ‘self-test software’ for digital processors used for safety relevant applications or other applications which require a high reliability or operational availability, such as chassis control or power train control in vehicles. The self-test software is typically embedded in the application run by the digital processor and consists of a set of test routines, and an interfacing program between the test routines and the user application. Each test routine represents a piece of code which is designed to perform a test on a part of the logic circuit in order to detect physical defects. The test routine reports a result of the test to the interfacing program. The interfacing program determines an overall result from the test results reported by the individual test routines.
Self-test software is often used in safety relevant applications, such as control of cars or airplanes, and it is often required to demonstrate that self-test software meets the safety requirements for which usually strong evidence is needed. To establish to a sufficient extend that the self-test software meets the safety requirements, un-quantified claims are not sufficient. Instead, it needs to be proved that the self-test software does indeed detect faults in the logic circuit. This proof can be obtained by using an abstract, mathematical approach or, alternatively, by fault grading, that is by simulating the relevant fault scenarios and observing the behaviour of the self-test software. in order to provide the required proof, it is known to fault grade the test routines individually, by simulating a number of faults and to determine the number of fault detected by the specific test routine.
However, a disadvantage of the known systems is that the propagation of the test result from the test routine to the application can suffer from fault masking, so even though the test routine detects the fault it may become invisible to the application due to the fault.
Another disadvantage is that, in case the operation of the interfacing program is controlled, and hence influenced, by the application, it is difficult to fault grade the interfacing program itself in particular because the interfacing program is typically provided separately from the application.